Using CERT Tapioca on VM

2

I have been attempting to get CERT Tapioca (http://www.cert.org/blogs/certcc/post.cfm?EntryID=203) running on my Mac so that I can test the SSL/HTTPS security of our Android app.

Up to this point, I have gotten the Tapioca VM running in VirtualBox but I have not had much success in getting MITMProxy (Tapioca includes MITMProxy) to respond to anything.

I have setup one NAT Adapter, which allows the VM to connect to the internet. I have then setup a Host-only Adapter, which I thought could allow me to use the VM as a proxy for my host machine. which I then thought would allow MITMProxy to catch all the data passing through.

The furthest I've gotten is being able to call the VM's IP Address from the host's web browser, and receiving an error in MITMProxy that says 502 Error connecting [Errno 111] Connection Refused

I would appreciate any tips about what I should be trying to do. I have a hunch this should not be so hard but I have come up empty when trying to search for an answer.

Chris

Posted 2014-10-01T23:48:38.207

Reputation: 171

Answers

1

IMHO you shouldn't be able to route the traffic of your Mac to a VM (Host-only Adapters) on this Mac, which relies on this Mac to route (NAT-Adapter) the whole traffic to the internet.

Solutions

  1. Set up a MacOS X VM with the Android SDK (probably), configure a Host-only Adapter and use the Tapioca VM as proxy/router for the MacOS X VM
  2. Set up a 2nd Mac and install mitmproxy and configure your main Mac to use the 2nd Mac as proxy/router

klanomath

Posted 2014-10-01T23:48:38.207

Reputation: 176

I will try this today and let you know how it goes. I have two Macs, so I will try option #2. – Chris – 2014-10-02T13:16:24.507

Asked: 2014-10-01T23:48:38.207

Viewed: 294 times

Active: 2014-10-02T01:33:58.250